ralph

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill repeatedly fetches and acts on task data from the task system (e.g., using "task_list action: 'list' / 'get' with repoURL: https://github.com/snarktank/untangle" and reading task descriptions/parent-task-id.txt) and then interprets those user-created task descriptions to decide and execute implementation steps, so untrusted third-party task content can directly influence agent actions.